The decryption keys management dialog – Cace Technologies AirPcap Wireless Capture Adapters User Manual


AirPcap User’s Guide

The Decryption Keys Management Dialog

This dialog window (shown in Figure 8) can be used to organize the keys
that will be used to decrypt the wireless packets. It is possible to decrypt
packets encrypted with WEP, WPA and WPA2. Note, however, that:

• In order to decrypt WPA and WPA2 you will need to capture the
  4-way EAPOL handshake used to establish the pairwise transient
  key (PTK) used for a session.

• Wireshark can only decrypt “WPA personal” sessions, which use
  pre-shared keys. Decryption of “WPA Enterprise” sessions is not
  supported.
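
Why the handshake is required, as an added example (not code from AirPcap or Wireshark): the per-session PTK is derived from the pre-shared key plus the two nonces and MAC addresses exchanged in the 4-way handshake, so the passphrase alone never yields the traffic key. The sketch assumes the HMAC-SHA1 key derivation used by WPA/WPA2-Personal with CCMP; the MAC addresses and nonces are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    # IEEE 802.11 PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter
    out = b""
    for counter in range((n_bytes + 19) // 20):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:n_bytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n_bytes=48):
    # Everything except the PMK is only observable in the 4-way handshake frames.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, n_bytes)

def split_ptk(ptk: bytes) -> dict:
    # CCMP layout (48 bytes): key confirmation key | key encryption key | temporal key
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values standing in for fields read from captured EAPOL frames.
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE_1, SNONCE_1 = bytes(range(0, 32)), bytes(range(32, 64))
ANONCE_2, SNONCE_2 = bytes(range(64, 96)), bytes(range(96, 128))

def demo():
    # Same passphrase and SSID, two different handshakes (sessions).
    pmk = derive_pmk("password", "IEEE")
    s1 = split_ptk(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_1, SNONCE_1))
    s2 = split_ptk(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_2, SNONCE_2))
    return pmk, s1, s2

if __name__ == "__main__":
    pmk, s1, s2 = demo()
    print("PMK         :", pmk.hex())
    print("session 1 TK:", s1["tk"].hex())
    print("session 2 TK:", s2["tk"].hex())
```

The two sessions share one PMK but get different temporal keys, which is why a capture that misses the handshake cannot be decrypted even when the correct key is in the list.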

As explained in “The Wireless Toolbar” section, there are three possible
decryption modes: None, Driver and Wireshark. The keys specified in this
dialog will be used either by the Driver or Wireshark depending upon the
selected Decryption Mode. It should be noted that WPA and WPA2 are
decrypted only in Wireshark mode.

Note that, no matter which setting is used, the keys are applied to the
packets in the same order they appear in the keys list. Therefore, putting
frequently used keys at the beginning of the list improves performance.

To add or remove a key, use the “Add New Key” or “Remove Key”
buttons, respectively. “Edit Key” allows you to change the value of an
existing key. “Move Key Up” and “Move Key Down” can be used to
change the order of the keys. This may be an important performance
consideration, since the driver uses the keys in the order they appear in
this list.

Use the “Select Decryption Mode” drop-down box to switch among the
different decryption modes.

Figure 8: Decryption Keys Management Dialog in Wireshark
